This Week in Technology

This rootkit component has even more intrusive features, experts said, such as "the ability to steal user-entered passwords for the su command and to hide files in the file system, network connections, and running processes."

Microsoft this week released KB 4461585 for Outlook 2010, which includes patches for the four flaws and shouldn't trigger crashes. Microsoft confirmed it does fix the crash issues caused by KB 4461529.

The Bladabindi RAT acts as a data-stealing system and backdoor and is capable of keylogging, the theft of credentials during browser sessions, capturing webcam footage, and both the download and execution of files.

Container Orchestration in the Cloud: Exploring the Cisco, AWS Partnership

Cisco is providing Kubernetes — a container orchestration platform — on AWS through its integrated platform. Both Amazon and Cisco say this will help to simplify the process of developing and orchestrating Kubernetes clusters across the AWS cloud and private data centers.

Earlier this year, Russian cybersecurity firm Kaspersky Lab found evidence that a small government spyware maker called Negg developed a “custom iOS malware that allows GPS tracking and performs audio surveillance activity,” according to a private report the company sent to subscribers. The discovery of Negg’s iOS malware has never been reported outside of Kaspersky.

Criminal hackers continue to exploit a feature in Autodesk’s widely used AutoCAD program in an attempt to steal valuable computer-assisted designs for bridges, factory buildings, and other projects, researchers said Tuesday.

Still on the topic of botnets, it is impossible not to mention that in Q3 2018 we registered a decline in the number of DDoS attacks, the most likely reason being, according to our experts, the “reprofiling” of botnets from DDoS attacks to cryptocurrency mining.

Designed to assess the current state of the market for unified endpoint management solutions, the report evaluated 12 providers using 28 criteria within the categories of current offering, strategy and market presence.

"Although Dunkin' did not experience a data security breach involving its internal systems, we've been informed that third-parties obtained usernames and passwords through other companies' security breaches and used this information to log into some Dunkin' DD Perks accounts," said the company in a statement.

Between September 22 and September 29, an unauthorized threat actor was able to gain access to databases containing the records, which included names, home addresses, dates of birth, insurance policy information, service dates, medical record numbers, and account balances. In addition, roughly 700,000 Social Security numbers were exposed.

KingMiner generally targets IIS/SQL Microsoft Servers using brute-force attacks in order to gain the credentials necessary to compromise a server. Once access is granted, a .sct Windows Scriptlet file is downloaded and executed on the victim's machine.